After assessing the risk of a change, the next step is to figure out how to
mitigate the risk. Mitigation has five core components. The first is to institute
a change advisory board: Does this change request meet a business need;
does it impact other events or changes; when should it be implemented? The
second is a test plan: How do you assess whether the change has been successful?
The third is a back-out plan: If the change is not successful, how
do you revert to the old service or system? The fourth component is a decision
point: How and when should you decide to implement a back-out
plan? The final part is preparation: What can you do and test in advance to
make sure that the change goes smoothly and takes the minimum amount
of time?